1. Docs


Various errors can occur when calling methods within the Tenant Security Client. Errors can happen communicating with the Tenant Security Proxy, a tenant’s KMS configuration could be invalid, or a KMS could be unreachable from the Proxy. Usually these errors will be transient or easily fixable.

However, part of the purpose of CMK is that tenants can revoke a vendor’s access to their KMS so that they can no longer decrypt data stored with the vendor. In those situations, errors can be the result of an intentional decision on the part of the tenant.

Because of this, the Tenant Security Client uses custom exceptions that expose unique error codes, HTTP response messages, and error summaries to help communicate the problem that occurred. These exceptions should be parsed in order for your application to communicate the scope of the problem to the user. The full list of error codes can be seen within each client library’s documentation.

Parsing Errors (Java only)

Because all operations within the Tenant Security Client Java library return a CompletableFuture, handling these exceptions is not as straight forward as the usual try/catch blocks. Instead, operations will throw a ExecutionException which can be parsed to get to the underlying TenantSecurityException.

try{ Map<String, byte[]> decryptedValuesMap = client.decrypt(...).get(); } catch(ExecutionException e){ if (e.getCause() instanceof TenantSecurityException) { TenantSecurityException kmsError = (TenantSecurityException) e.getCause(); String message = kmsError.getErrorMessage(); TenantSecurityKMSErrorCodes errorCode = kmsError.getErrorCode(); int code = errorCode.getCode(); String codeInfo = errorCode.getMessage(); } }

Was this page helpful?